发布时间 :2004-12-23 00:00:00
修订时间 :2008-09-05 16:39:28

[原文]Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to cause a denial of service (server process crash) via a certain data string that is sent to multiple simultaneous client connections to TCP port 407.

[CNNVD]Netopia Timbuktu远程缓冲区溢出漏洞(CNNVD-200412-091)

        Netopia Timbuktu是C/S应用程序用于远程用户访问主机系统桌面。
        Netopia Timbuktu处理部分通信时存在缓冲区溢出问题,远程攻击者可以利用这个漏洞可能以服务程序进程权限执行任意指令。
        服务程序在Mac OS X系统上以root用户权限运行,在TCP 407端口监听客户端连接,通过提交多个并发连接给这个端口,并持续发送特殊字符串数据,可造成缓冲区溢出,服务程序停止响应。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  XF  timbuktu-multiple-connections-dos(18172)
(VENDOR_ADVISORY)  BUGTRAQ  20041119 Corsaire Security Advisory - Netopia Timbuktu remote buffer overflow issue

- 漏洞信息

Netopia Timbuktu远程缓冲区溢出漏洞
中危 边界条件错误
2004-12-23 00:00:00 2005-10-20 00:00:00
        Netopia Timbuktu是C/S应用程序用于远程用户访问主机系统桌面。
        Netopia Timbuktu处理部分通信时存在缓冲区溢出问题,远程攻击者可以利用这个漏洞可能以服务程序进程权限执行任意指令。
        服务程序在Mac OS X系统上以root用户权限运行,在TCP 407端口监听客户端连接,通过提交多个并发连接给这个端口,并持续发送特殊字符串数据,可造成缓冲区溢出,服务程序停止响应。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载升级到Timbuktu v7.0.4版本:

- 漏洞信息 (F35103)

Corsaire Security Advisory 2004-07-20.1 (PacketStormID:F35103)
2004-11-20 00:00:00
Stephen de Vries,Corsaire

Corsaire Security Advisory - The aim of this document is to define a vulnerability in the Netopia Timbuktu 7.0.3 product for Mac OS X that suffers from a buffer overflow.

-- Corsaire Security Advisory --

Title: Netopia Timbuktu remote buffer overflow issue
Date: 20.07.04
Application: Timbuktu v7.0.3
Environment: Mac OS X (10.1, 10.2, 10.3)
Author: Stephen de Vries []
Audience: General release
Reference: c040720-001

-- Scope --

The aim of this document is to define a vulnerability in the Timbuktu 
product for Mac OS X, as supplied by Netopia [1], that allows a remote 
attacker to crash the application and effectively deny service to 
legitimate users.

-- History --

Discovered: 20.07.04 
Vendor notified: 27.08.04
Document released: 19.11.04

-- Overview --

The Timbuktu software is shipped as a client/server application that 
allows remote users to access the desktop of a host system.  The server 
component of this application is vulnerable to a remote buffer overflow 
vulnerability that, when exploited, causes the server process to crash.

-- Analysis --

The server process runs with root privileges on the host Mac OS X and 
listens for client connections on TCP port 407.  By making a number of 
concurrent connections to this port and repeatedly sending a particular 
string of data, a memory buffer is overwritten and the server process 

-- Recommendations --

Upgrade to version v7.0.4 of the Timbuktu application.

-- CVE --

The Common Vulnerabilities and Exposures (CVE) project has assigned the 
name CAN-2004-0810 to this issue. This is a candidate for inclusion in 
the CVE list (, which standardises names for 
security problems.

-- References --


-- Revision --

a. Initial release.
b. Minor detail revision.

-- Distribution --

This security advisory may be freely distributed, provided that it 
remains unaltered and in its original form. 

-- Disclaimer --

The information contained within this advisory is supplied "as-is" with 
no warranties or guarantees of fitness of use or otherwise. Corsaire 
accepts no responsibility for any damage caused by the use or misuse of 
this information.

-- About Corsaire --

Corsaire are a leading information security consultancy, founded in 1997 
in Guildford, Surrey, UK. Corsaire bring innovation, integrity and 
analytical rigour to every job, which means fast and dramatic security 
performance improvements. Our services centre on the delivery of 
information security planning, assessment, implementation, management 
and vulnerability research. 

A free guide to selecting a security assessment supplier is available at 

Copyright 2004 Corsaire Limited. All rights reserved. 


- 漏洞信息

Motorola Timbuktu for Mac OS X Connection Saturation Overflow DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Unknown

- 漏洞描述

Timbuktu contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker makes a number of concurrent connections to TCP port 407 and repeatedly sends a particular string of data, which will overwrite a memory buffer and crash the server process, resulting in a loss of availability.

- 时间线

2004-11-19 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 7.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Netopia Timbuktu Server For Apple Mac OSX Remote Buffer Overflow Vulnerability
Boundary Condition Error 11714
Yes No
2004-11-19 12:00:00 2009-07-12 08:06:00
Discovery of this vulnerability is credited to Corsaire Ltd.

- 受影响的程序版本

Netopia Timbuktu Pro for Macintosh 6.0.1
Netopia Timbuktu Pro for Macintosh 7.0.4

- 不受影响的程序版本

Netopia Timbuktu Pro for Macintosh 7.0.4

- 漏洞讨论

Netopia Timbuktu server component for Apple Mac OSX is reported prone to a remote unspecified buffer overflow vulnerability. This issue exists due to insufficient boundary checks performed by the application.

This vulnerability can allow an attacker to corrupt process memory leading to a denial of service condition. If an attacker is able to overwrite sensitive memory addresses and redirect process execution to attacker-supplied arbitrary code, this vulnerability may result in the attacker gaining unauthorized access to the computer.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- 解决方案

The vendor has released an update to address this issue. All customers with valid support contracts will be notified of this fix through email. Customers are advised to contact the vendor for further information in regard to obtaining and applying this fix.

- 相关参考